The Nexxus Loopback Module is actually a module internal to Nexxus. It allows the user to perform internal Nexxus functions. This module is the only module in which a NODE_ID argument is optional in IPC messages.
Nexxus maintains the system nodelist, user lists, logs, access control lists, and manages command dispatching. The module interface is designed for use by administrators primarily, although depending on your particular topology you may want to allow users to access certain functions.
Once a client connection is established to Nexxus, it is necessary for the client to authenticate as a user. Note that the client library does this authentication for you, so it is not necessary to send the authentication message when using clients that have linked with the client library.
FORMAT: NEXXUS:AUTH:<USER_NAME>:<USER_PASSWORD> RESPONSES: JOB_STARTED - Authentication Commencing JOB_COMPLETED - Authentication Complete JOB_ERROR:BAD_AUTH - Authentication Failed |
The version of VACM running can be identified by the following command:
FORMAT:
NEXXUS:VERSION
RESPONSES:
JOB_STARTED
VERSION:<STRING>:<IPC_VER> - Version string and
module IPC version compliance
JOB_COMPLETED |
A list of all modules currently loaded by Nexxus and available for use can be retrieved by the following command:
FORMAT:
NEXXUS:NEXXUS_MODULES
RESPONSES:
JOB_STARTED
MODULE:SHORT NAME<:LONG NAME>:<AUTHOR>:<DESCRIPTION>:<VERSION>:<STATE>
JOB_COMPLETED
FIELDS:
<IPC_TAG> - The identifier for the module.
This tag should be used to
send messages to the module
<STATE> - The internal Nexxus state of
the module. This value should
not be relied upon for anything. |
Nodes are added to Nexxus with the NODE_ADD command. This command takes a unique NODE_ID as it's first argument. The second argument is a GROUP to which the node is to belong. If you don't have a particular group in mind, specify the 'DEFAULT' group. Note that the current user must be a member of the group the node is to be added to. If GROUP does not exist, it will be implicitly created, and the current user added.
FORMAT:
NEXXUS:NODE_ADD:<NODE_ID>:<GROUP>
RESPONSES:
JOB_STARTED
JOB_ERROR:NODE_EXISTS - The node_id is not unique to the system.
(It may exist in another group)
JOB_ERROR:BAD_GROUP - The current user is not a member of
the group specified
JOB_COMPLETED |
Nodes can be removed with the NODE_DEL command:
FORMAT: NEXXUS:NODE_DEL:<NODE_ID> RESPONSES: JOB_STARTED JOB_ERROR:NODE_NOT_FOUND JOB_COMPLETED |
Nodes can be renamed using the NODE_RENAME command:
FORMAT: NEXXUS:NODE_RENAME:<OLD_NAME>:<NEW_NAME> RESPONSES: JOB_STARTED JOB_ERROR:NODE_EXISTS JOB_ERROR:NODE_NOT_FOUND JOB_COMPLETED |
A nodelist is obtained with the NODE_LIST command:
FORMAT: NEXXUS:NODE_LIST RESPONSES: JOB_STARTED NODELIST:<GROUP>:<NAME> JOB_COMPLETED |
Users are added to Nexxus's userlist with the ADMIN_ADD command. The new account is not allowed to connect from anywhere, and cannot execute any IPC commands. To add IPC and access privileges, you must use the ADMIN_ADD_ADDR_ACL and ADMIN_ADD_MOD_ACL commands. The default ACL policies are set to DENY. To change this, use the ADMIN_CHG_DEFAULT command.
FORMAT:
NEXXUS:<ADMIN_ADD:USER_NAME>:<PASSWORD>:<GROUP>
RESPONSES:
JOB_STARTED
JOB_ERROR:USER_EXISTS
JOB_ERROR:PASSWORD_TOO_LONG - Password is > 40 characters
JOB_ERROR:BAD_PASSWORD - Password contains illegal
characters
JOB_ERROR:BAD_GROUP - Current user is not a member
of the group the new user
is to belong to |
Users are removed from Nexxus's userlist with the ADMIN_DEL command:
FORMAT: NEXXUS:ADMIN_DEL:<USER_NAME> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_COMPLETED |
Users may be renamed with the ADMIN_RENAME command:
FORMAT: NEXXUS:ADMIN_RENAME:<OLD_NAME>:<NEW_NAME> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_ERROR:USER_EXISTS JOB_COMPLETED |
A list of users can be obtained from Nexxus with the ADMIN_LIST command:
FORMAT: NEXXUS:ADMIN_LIST RESPONSES: JOB_STARTED ADMIN_LIST:<USER> JOB_COMPLETED |
The ADMIN_CHG_PASSWORD command is used to change the current user's password. It requires the old as well as the new password. The old password is verified before the password is changed.
FORMAT:
NEXXUS:ADMIN_CHG_PASSWORD:<OLD PASSWORD>:<NEW PASSWORD>
RESPONSES:
JOB_STARTED
JOB_ERROR:BAD_AUTH - Specified OLD password was not
correct for current user
JOB_COMPLETED |
The ADMIN_SET_PASSWORD command is used by administrators to set or reset a user's password. This command should be restricted to all but the main administrator as it allows the password of *any* user to be changed *without* any authentication checks.
FORMAT: NEXXUS:ADMIN_SET_PASSWORD:<USER NAME>:<NEW PASSWORD> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_COMPLETED |
The ADMIN_LIST_GROUPS command is used to return a list of groups that the specified user is a member of.
FORMAT: NEXXUS:ADMIN_LIST_GROUPS:<USER> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND ADMIN_LIST_GROUPS:<GROUP> JOB_COMPLETED |
Module IPC rules are used to control the IPC commands a user is permitted to send. For example, an administrator may want to allow user 'Bob' to have the ability to send messages to the SYSSTAT module to obtain system status information. But, the administrator may want to restrict Bob so that he can't send 'POWER_OFF' messages to the EMP module. A module IPC rule can be added with the ADMIN_ADD_MOD_ACL_RULE command:
FORMAT:
NEXXUS:ADMIN_ADD_MOD_ACL_RULE:<USER_NAME>:<POLICY>:<MODULE>:<GLOB>
RESPONSES:
JOB_STARTED
JOB_ERROR:USER_NOT_FOUND
JOB_ERROR:DUPLICATE_RULE
JOB_COMPLETED
FIELDS:
<POLICY> - Can be either ALLOW or DENY
<MODULE> - The module IPC tag this rule is for
<GLOB> - A standard shell style GLOB wildcard
pattern that will be applied to the
command string to determine if this
rule is to be used.
EXAMPLES:
NEXXUS:ADMIN_ADD_MOD_ACL_RULE:SAN:DENY:EMP:POWER_*
NEXXUS:ADMIN_ADD_MOD_ACL_RULE:SAN:ALLOW:EMP:* |
An IPC rule can be deleted for a user with the ADMIN_DEL_MOD_ACL_RULE. Field descriptions are identical to that of ADMIN_ADD_MOD_ACL_RULE.
FORMAT: NEXXUS:ADMIN_DEL_MOD_ACL_RULE:<USER_NAME>:<POLICY>:<MODULE>:<GLOB> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_ERROR:RULE_NOT_FOUND JOB_COMPLETED |
Obtain a list of module ACL rules with the ADMIN_LIST_MOD_ACL_RULES command:
FORMAT: NEXXUS:ADMIN_LIST_MOD_ACL_RULES:<USER NAME> RESPONSES: JOB_STARTED MOD_ACL_RULE:<MODULE>:<POLICY>:<GLOB> JOB_COMPLETED |
Address rules allow Nexxus to control the TCP/IP address a user may connect from. The ADMIN_ADDR_ACL_RULE command is used for this purpose. The argument <POLICY> is either ALLOW, or DENY. The argument <ADDR> specifies the network address pattern for the rule. <SIGBITS> is the number of significant bits in the address to match against.
FORMAT: NEXXUS:ADMIN_ADD_ADDR_ACL_RULE:<USER NAME>:<POLICY>:<ADDRESS>:<SIGBITS> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_ERROR:DUPLICATE_RULE JOB_ERROR:BAD_SIGBITS - sigbits 0 or > 32 JOB_ERROR:BAD_ADDRESS - Invalid inet address specified JOB_COMPLETED EXAMPLES: NEXXUS:ADMIN_ADD_ADDR_ACL_RULE:san:ALLOW:127.0.0.7:32 NEXXUS:ADMIN_ADD_ADDR_ACL_RULE:san:DENY:10.1.0.0:16 |
An address rule can be deleted for a user with the ADMIN_DEL_ADDR_ACL_RULE. Field descriptions are identical to that of ADMIN_ADD_ADDR_ACL_RULE.
FORMAT: NEXXUS:ADMIN_DEL_MOD_ADDR_RULE:<USER NAME>:<POLICY>:<ADDRESS>:<SIGBITS> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_ERROR:RULE_NOT_FOUND JOB_ERROR:BAD_SIGBITS - sigbits 0 or > 32 JOB_ERROR:BAD_ADDR - Invalid inet address specified JOB_COMPLETED |
A list of Address rules for a user can be obtained with the ADMIN_LIST_ADDR_ACL_RULES command:
FORMAT: NEXXUS:ADMIN_LIST_ADDR_ACL_RULES:<USER NAME> RESPONSES: JOB_STARTED ADDR_ACL_RULE:<POLICY>:<ADDRESS>:<SIGBITS> JOB_COMPLETED |
The default ACL policy for a user is used when there is no specific matching ACL rule found in the user's configuration. There is a separate default policy specified for both module IPC and address access control. The ADMIN_LIST_DEFAULT_ACL_POLICY command returns the current default policy behavior for the acl and user specified. The <ACL> field must be either 'MODULE' or 'ADDRESS'
FORMAT:
NEXXUS:ADMIN_LIST_DEFAULT_ACL_POLICY:<USER NAME>:<ACL>
RESPONSES:
JOB_STARTED
JOB_ERROR:USER_NOT_FOUND
JOB_ERROR:BAD_ACL - ACL was not one
of 'ADDRESS' or 'MODULE'
DEFAULT_POLICY:<POLICY> - The default policy.
Either 'ALLOW' or 'DENY'
JOB_COMPLETED |
To change the default ACL policy for a user, the ADMIN_CHG_DEFAULT_ACL_POLICY command is used. The specified ACL default policy type is changed for the specified user to the specified policy.
FORMAT: NEXXUS:ADMIN_CHG:DEFAULT_ACL_POLICY:<USER NAME>:<ACL>:<POLICY> RESPONSES: JOB_STARTED JOB_ERROR:USER_NOT_FOUND JOB_ERROR:BAD_ACL JOB_ERROR:BAD_POLICY JOB_COMPLETED |
In most installations, an administrator arranges nodes in groups. Groups allow nodes to be separated in such a way that only users that belong to the group are allowed to see the nodes or perform operations on them. For example, an installation may have a 100 node webfarm and a 5 node database cluster. The webfarm administrators may not want the database administrators to be able to power down their machines (by accident or deliberately); so the webfarm nodes are added into a separate group to which only the webfarm administrators are members of. A group is created with the GROUP_ADD command.
FORMAT: NEXXUS:GROUP_ADD:<GROUP NAME> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_EXISTS JOB_COMPLETED |
A group can be removed with the GROUP_DEL command. A group can only be deleted if it contains no nodes or members. The 'DEFAULT' group cannot be deleted.
FORMAT: NEXXUS:GROUP_DEL:<GROUP NAME> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_NOT_FOUND JOB_ERROR:BAD_GROUP JOB_ERROR:GROUP_HAS_NODES JOB_ERROR:GROUP_HAS_MEMBERS JOB_COMPLETED |
Rename a group with the GROUP_RENAME command:
FORMAT: NEXXUS:GROUP_RENAME:<OLD_NAME>:<NEW_NAME> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_NOT_FOUND JOB_ERROR:GROUP_EXISTS |
A node may be moved into or assigned to a group with the NODE_SET_GROUP command:
FORMAT: NEXXUS:NODE_SET_GROUP:<NODE_ID>:<GROUP> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_NOT_FOUND JOB_ERROR:NODE_NOT_FOUND JOB_ERROR:ALREADY_IN_GROUP |
A list of all existing groups may be retrieved with the GROUP_LIST command:
FORMAT: NEXXUS:GROUP_LIST RESPONSES: JOB_STARTED GROUP_LIST:<GROUP NAME> JOB_COMPLETED |
A group may be added to the list of groups a user is in by using the GROUP_ADD_ADMIN command:
FORMAT: NEXXUS:GROUP_ADD_ADMIN:<GROUP NAME>:<USER NAME> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_NOT_FOUND JOB_ERROR:USER_NOT_FOUND JOB_ERROR:ALREADY_IN_GROUP JOB_COMPLETED |
A group may be removed from the list of groups a user is in by using the GROUP_DEL_ADMIN command:
FORMAT: NEXXUS:GROUP_DEL_ADMIN:<GROUP NAME>:<USER NAME> RESPONSES: JOB_STARTED JOB_ERROR:GROUP_NOT_FOUND JOB_ERROR:USER_NOT_FOUND JOB_ERROR:NOT_IN_GROUP JOB_COMPLETED |
Getting and Setting of node global variables can be done using the GET_VAR and SET_VAR commands:
FORMAT: NEXXUS:GET_VAR:<NODE_ID>:<VARIABLE_NAME> FORMAT: NEXXUS_SET_VAR:<NODE_ID>:<VARIABLE_NAME>:<VALUE> RESPONSES: JOB_STARTED JOB_ERROR:NODE_NOT_FOUND JOB_ERROR:VAR_NOT_SET JOB_COMPLETED |
Sometimes client may want to retrieve a particular variable from all nodes. The NODE_VAR_LIST allows you to do this. If the variable is not set on a node, the <VALUE> field will return empty.
FORMAT: NEXXUS:NODE_VAR_LIST:<VARIABLE_NAME> RESPONSES: JOB_STARTED NODEVARLIST:<JOB_ID>:<VARIABLE_NAME>:<VALUE> JOB_COMPLETED |
To enable or disable debug mode on a running Nexxus (which is the same as launching Nexxus with the -d switch on the commandline):
FORMAT: NEXXUS:NEXXUS_DEBUG:ON FORMAT: NEXXUS:NEXXUS_DEBUG:OFF RESPONSES: JOB_STARTED JOB_ERROR:INVALID_ARGUMENT JOB_COMPLETED |
To list the users currently connected to a Nexxus, use the 'LIST_CLIENTS' command:
FORMAT: NEXXUS:LIST_CLIENTS RESPONSES: JOB_STARTED NEXXUS:<JOB_ID>:LIST_CLIENTS:<FD>:<USERNAME>:<IDLE SECONDS> JOB_COMPLETED |
To send an online message string to all online users, use the 'WALL' command:
FORMAT: NEXXUS:WALL:<MSG> RESPONSES: JOB_STARTED NEXXUS:<JOB_ID>:WALL:<USER>:<IP_ADDRESS>:<MSG> JOB_COMPLETED |
The only unsolicited messages supported by nexxus is the 'WALL' message indicating a message has been sent from an online user:
NEXXUS:0:WALL:<USER>:<IP_ADDRESS>:<MSG> |